CCNA Security 210-260 – What You Need To Know

Cisco announced the end of CCNA Security v2.0 exam for November 30th, 2015. After that date, you may only take the new 210-260 exam.

You have the choice to pick either exam at the moment.

So what’s new with CCNA Security? What do you need to know between v2.0 and v3.0 (210-260). The CCNA Security is an Associate level exam from Cisco Systems, focusing on the Security track.

The prerequisites for this certification is a valid CCENT or CCNA Routing and Switching certification. At 90 minutes, you will be presented with 60-70 questions and it is proctored by Pearson Vue.

What’s New In CCNA Security 210-260?

Otherwise known as IINS or Implementing Cisco Network Security, this latest revision gets pared down from 9 objectives to 7. A couple of objectives were shuffled around and combined with others.

An example is the Security Concepts objective. I welcome this change as v2.0 used to have concepts scattered in different objectives. Most of these require you describe or identify common security concepts.

For many of the objectives, I welcome the configuration bullets. Many of them appear to be what’s required for real world work.

A big change for 210-260 is the missing language mentioning CCP, or Cisco Configuration Professional. It’s not sure if this will be tested on v3.0 but there is no mention of it making me believe it will not. My reason for this assumption is that for VPN, Cisco wants you to know how to configure in ASDM and on routers. So if CCP was truly required, they’d mention it. Otherwise, forget about it because who really used CCP anyways.

Let’s take a look at the VPN objective. It increased from 12% to 17% of the exam. You’ll need a deeper understanding of VPN technologies and how Cisco implements this. Learn how to configure VPN using ASDM and the command line. That includes ASA and Cisco IOS.

The Cisco Firewall Technologies objective increases from 13% to 18% of the exam. There is more emphasis on NAT. You may be asking why not just move to IPv6. Reason is because people hold on to NAT dearly. It’s used heavily and there are many complex NAT configurations you’ll run into.

It appears command line will be assumed for configuring a zone-based firewall. Again, CCP is not mentioned here. In v2.0 of CCNA Security, it was specifically stated.

No surprise that ASA creeped in more bullet points. The 9.x train was mentioned specifically.

The IPS objective decreases from 11% to 9% of the exam. This is probably due to more in-depth topics at the CCNP Security level. At an associate level, not many will be configuring an IPS.

Newly added in v3.0 is the Content and Endpoint Security objective, at 12% of the exam. A bigger chunk than IPS. The takeaway for this objective is to describe client-based threats and mitigation methods.

Is There An Official Cert Guide?

It’s available now. If you would like to receive 35% off this book, use Discount Code: PACKET6 at checkout on ciscopress.com

Summary

Overall, I think this is a great update to CCNA Security exam. In my opinion, this aligns with real world topics. It does fall heavily on the Cisco side and less of a vendor neutral exam.

For the entry level security professional, this is a solid exam to get your feet wet into Cisco’s security products. The obvious suggested path is to move right into CCNP Security as it dives into in-depth security topics.

Do you have any questions about the new CCNA Security 210-620 exam? Let me know in the comments below.